Created attachment 3965
fixes this bug
This patch fixes this bug.
I am still a bit worried about the for loop directly after
/* find out what our safety margin is */
It tries to analyze "src", but I don't know exactly what it is trying to do. For instance why does it have
depth = 0
and not --depth? How does it take care of symbolic links inside the "src" path? In general ".." in the root directory is also the root directory. Is that considered? I know too little about what restrictions the arguments coming into this function have already gone through (filtering, cleaning up).

Thanks. I've committed an improved version of the unsafe_symlinks() function and put some extra items into the test case.
As for why the depth scanner is setting depth = 0 for any ".." in the src: it's being extra conservative. ".." should never appear in the source, but if it does, we just restart depth counting at that point.
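
The depth counting discussed in this thread, as an added sketch that is not rsync's code or the committed patch: the function names are hypothetical, and the check is purely lexical (it does not resolve symbolic links inside "src"). It shows how restarting the count at ".." gives a smaller safety margin than decrementing would.

```c
#include <string.h>

enum comp { COMP_SKIP, COMP_UP, COMP_DOWN };

/* Classify one path component of length len (hypothetical helper). */
static enum comp classify(const char *s, size_t len)
{
    if (len == 0 || (len == 1 && s[0] == '.'))
        return COMP_SKIP;                 /* "" (from "//") and "." */
    if (len == 2 && s[0] == '.' && s[1] == '.')
        return COMP_UP;                   /* ".." */
    return COMP_DOWN;                     /* an ordinary name */
}

/* Safety margin: number of directories between the transfer root and the
 * link. The last component of src is the link's own name and is not counted.
 * A ".." restarts the count at 0 instead of decrementing it. */
static int safety_margin(const char *src)
{
    int depth = 0;
    const char *slash;
    for (; (slash = strchr(src, '/')) != NULL; src = slash + 1) {
        enum comp c = classify(src, (size_t)(slash - src));
        if (c == COMP_UP)
            depth = 0;
        else if (c == COMP_DOWN)
            depth++;
    }
    return strcmp(src, "..") == 0 ? 0 : depth;
}

/* Returns 1 if the link target could climb above the transfer root. */
int link_escapes_tree(const char *target, const char *src)
{
    if (target == NULL || *target == '\0' || *target == '/')
        return 1;                         /* empty or absolute target */
    int depth = safety_margin(src);
    for (;;) {
        size_t len = strcspn(target, "/");
        enum comp c = classify(target, len);
        if (c == COMP_UP && --depth < 0)
            return 1;                     /* went above the root here */
        if (c == COMP_DOWN)
            depth++;
        if (target[len] == '\0')
            return 0;
        target += len + 1;
    }
}
```

With src "a/b/../link", decrementing would leave a margin of 1 and accept the target "../x"; restarting at 0 rejects it.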